1. Copyright © 2006 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/ The OWASP Foundation OWASP AppSec Seattle October 2006 http://www.owasp.org/ OWASP 2.0 Enabling organizations to develop, maintain, and acquire applications they can trust Dinis Cruz OWASP dinis.cruz@owasp.net

2. OWASP AppSec Seattle 2006 2 Mission  Enabling organizations to develop, maintain, and purchase applications that they can trust

3. OWASP AppSec Seattle 2006 3 OWASP Foundation  The OWASP Foundation is a 501c3 not-for- profit charitable organization that ensures the ongoing availability and support for our work. Participation in OWASP is free and open to all.

4. OWASP AppSec Seattle 2006 4 History  2000: Mark Curphey and Microsoft Word  2001: OWASP Guide 1.0  Sep 2002: Many volunteers finish 1.1.1  Oct 2002: owasp-leaders created  Leaders from each project  This meritocracy still leads us today  2003: OWASP Foundation created  -> 2006: tons of new projects (see tomorrow)

5. OWASP AppSec Seattle 2006 5 It’s about community  Built on great foundations built by our contributors  Greater peer to peer participation  Emphasis on local community building  More support for your projects

6. OWASP AppSec Seattle 2006 6 www.owasp.org

7. OWASP AppSec Seattle 2006 7 It’s about building a solid foundation  Transparency  Annual Report, financial details  Annual report (with financial details) starting 2006  Move to more formal structure in 2007 timeframe (à la Apache, NetBSD, Debian, etc)  Improve membership experience  Membership packages  Individual  Corporate  Sponsor  Starter chapter pack

8. OWASP AppSec Seattle 2006 8 Autumn of Code 2006 »The Open Web Application Security Project (OWASP) has recently launched a new project entitled "OWASP Autumn of Code 2006” that is aimed at financially sponsoring contributions to OWASP Projects.  On the 18th of September our call for entries ended and on the 25th of September we released our list of selected projects to be sponsored. OWASP has made the decision to sponsor 9 projects (5 at $3,500 USD and 4 at $5,000 USD) instead of our originally planned number of 8.

9. OWASP AppSec Seattle 2006 9 Autumn of Code 2006 - Projects  WebScarab NG – Rogan Dawes  Live CD – Joshua Perrymon  CAL9000 – Chris Loomis  SiteGenerator and ORG – Mike de Libero  Pantera – Simon Roses  Web Goat – Sherif Koussa  Testing Guide – Matteo Meucci  OWASP.NET Tools – Boris Maletic  OWASP Website and Branding – Aaron M. Holmes

10. OWASP AppSec Seattle 2006 10 Current projects (see website)  Release Quality  Beta Status  Alpha Status  Technology, Research, and Guides

11. OWASP AppSec Seattle 2006 11 Funding model  Need to increase OWASP individual and corporate members  Current funding model  Conferences  Corporate and Individual Memberships (to be GNI adjusted)  Advertising  Sponsorships

12. OWASP AppSec Seattle 2006 12 OWASP Membership  An active voice in the development of OWASP Materials that are becoming widely accepted as an application security standard for all organizations.  A OWASP Commercial License to use the materials within your organization without the restrictions associated with the various open source licenses used by the OWASP projects.  Timely electronic notification of updates to the OWASP Materials.  Visibility for your organization's tangible commitment to application security through its inclusion in the members list on the OWASP website and promotional materials.  The right to use the OWASP name and membership mark to show that you are an OWASP Member. Note that the mark must not be used in any way that might indicate that OWASP supports a commercial product or service.  Collaboration with other highly skilled people from organizations around the world, both virtually and in person during periodic OWASP AppSec conferences and chapter meetings.  Discounted registration fees for OWASP AppSec conferences to all individual members and all employees of member organizations.

13. OWASP AppSec Seattle 2006 13 OWASP Membership cost

14. OWASP AppSec Seattle 2006 14 Local Chapters

15. OWASP AppSec Seattle 2006 15 Chapters!

16. OWASP AppSec Seattle 2006 16 Local chapters  Easily the most useful OWASP activity  Lots of chapters all around the world

17. OWASP AppSec Seattle 2006 17 Local chapter support  Use our Internet resources  Announce meetings well in advance  Have a schedule well in advance  Be consistent  Community: blogs, forum - in your local language  Present new stuff ... or borrow other chapter’s slides

18. OWASP AppSec Seattle 2006 18 Guidelines for chapters  Encourage membership in OWASP  Try to be easily found and a popular time  Always try to meet, if only for drinkies  Local sponsorship by vendors is fine  Try not to be 0wned by the vendors (of any type)  Protect yourself - insurance, talk choices, etc

19. OWASP AppSec Seattle 2006 19 Leadership Focus  Developing OWASP Foundation and infrastructure  Helping you deliver timely, useful projects  Keeping today’s flagship products fresh and relevant  Winter, Spring, and Summer of Code 2007

20. OWASP AppSec Seattle 2006 20 OWASP Brand  Our brand is important to us  Need something to help get rid of freeloaders  Many firms abusing OWASP Top 10 / Guide brand  Need a 'brand management' project

21. OWASP AppSec Seattle 2006 21 Project Incubators  Initiate any project you like  Each project will have its own space  Community: Link to team member blogs and forum  Resources: Samples, downloads, private workspace

22. OWASP AppSec Seattle 2006 22 Project Focus  Participate!  What do you want us to focus on?